libde265: updated to 1.1.0
1.1.0
Added de265_security_limits parameters to limit the maximum image size and memory that libde265 will use during decoding.
Security fixes
CVE TBD (GHSA-g2rg-wj66-w594) - Out-of-bounds write in process_reference_picture_set via predicted short-term RPS
CVE TBD (GHSA-vv8h-932h-7r86) - Heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
CVE TBD (GHSA-g5hj-rf9f-7vxm) - Unbounded memory accumulation via orphaned slice headers in read_slice_NAL
(GHSA-x27c-jp65-g395) - Quadratic CPU consumption in NAL parser (remove_stuffing_bytes, resize)
py-virtualenv: updated to 21.4.0
Features - 21.4.0
Remove dead code targeting Python versions below the supported target range (PyPy 3.6, deprecated importlib APIs) and simplify the runtime import hook in _virtualenv.py.
Support Windows debug builds (python_d.exe, venvlauncher_d.exe) matching CPython venv behavior, remove dead __SCRIPT_DIR__ replacement and has_shim version guard, drop unreachable Python 3.7 branch from pyvenv_launch_patch_active, and fix wheel deprecation message to say >= 3.9.
py-python-discovery: updated to 1.4.0
1.4.0
- Add ``debug_build`` attribute to :class:`PythonInfo` exposing whether the interpreter is a debug build
(``Py_DEBUG``)
Be consistent with "built in" vs "built-in"
Use the hyphenated version only when describing, or referring to, one (or
more, incl the general set of) actual built-in commands (like just there)
in sh.
Use the 2 word version in all other contexts, including when describing
functionality (like line editing) that is built in to sh (like just there)
except normally there one would write "built into" if not making the point!
tmux: update to 3.6b.
CHANGES FROM 3.6a TO 3.6b
* Remove images from the correct list when they are removed while in the
alternate screen (reported by xlabai at tencent dot com).
perl: fix security problem in Archive::Tar
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via
attacker controlled entry size field in tar header
Bump PKGREVISION.
